Add callbacks for client TLS connection establishment:

LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg) To be called whenever the client library allocates a new SSL* handle.

Add callbacks for client TLS connection establishment:
ae592801 · Howard Chu · 99ee94a3 · ae592801 · ae592801 · ae592801
Commit ae592801 authored 20 years ago by Howard Chu
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -134,6 +134,8 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_TLS_RANDOM_FILE	0x6009
 #define LDAP_OPT_X_TLS_SSL_CTX		0x600a
 #define LDAP_OPT_X_TLS_CRLCHECK		0x600b
+#define LDAP_OPT_X_TLS_CONNECT_CB	0x600c
+#define LDAP_OPT_X_TLS_CONNECT_ARG	0x600d
 #define LDAP_OPT_X_TLS_NEVER	0
 #define LDAP_OPT_X_TLS_HARD		1

--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@@ -241,6 +241,9 @@ LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));
 typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));
+typedef int (LDAP_TLS_CONNECT_CB) LDAP_P (( struct ldap *ld, void *ssl,
+	void *ctx, void *arg ));
 LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
 	LDAPDN_rewrite_dummy *func, unsigned flags ));
 LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,

--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -170,6 +170,8 @@ struct ldapoptions {
 #ifdef HAVE_TLS
   	int			ldo_tls_mode;
+	LDAP_TLS_CONNECT_CB	*ldo_tls_connect_cb;
+	void*			ldo_tls_connect_arg;
 #endif
 	LDAPURLDesc *ldo_defludp;

--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -713,6 +713,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
 	} else {
+		struct ldapoptions *lo;
 		void *ctx = ld->ld_defconn
 			? ld->ld_defconn->lconn_tls_ctx : NULL;
@@ -728,8 +729,15 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 			LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
 		if( ctx == NULL ) {
+			ctx = tls_def_ctx;
 			conn->lconn_tls_ctx = tls_def_ctx;
 		}
+		lo = &ld->ld_options;
+		if ( lo->ldo_tls_connect_cb )
+			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
+		lo = LDAP_INT_GLOBAL_OPT();   
+		if ( lo && lo->ldo_tls_connect_cb )
+			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
 	}
 	err = SSL_connect( ssl );
@@ -1201,6 +1209,12 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
 		*(void **)arg = retval;
 		break;
 	}
+	case LDAP_OPT_X_TLS_CONNECT_CB:
+		*(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;
+		break;
+	case LDAP_OPT_X_TLS_CONNECT_ARG:
+		*(void **)arg = lo->ldo_tls_connect_arg;
+		break;
 	default:
 		return -1;
 	}
@@ -1253,6 +1267,12 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 			ld->ld_defconn->lconn_tls_ctx = arg;
 		}
 		return 0;
+	case LDAP_OPT_X_TLS_CONNECT_CB:
+		lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
+		return 0;
+	case LDAP_OPT_X_TLS_CONNECT_ARG:
+		lo->ldo_tls_connect_arg = arg;
+		return 0;
 	}
 	if ( ld != NULL ) {